ELSA-2024-5138

Опубликовано: 08 авг. 2024

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2024-5138: httpd security update (IMPORTANT)

[2.4.57-11.0.1.el9_4.1]

Replace index.html with Oracle's index page oracle_index.html.

[2.4.57-11.1]

Resolves: RHEL-46047 - httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476)
Resolves: RHEL-53021 - Regression introduced by CVE-2024-38474 fix

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

httpd

2.4.57-11.0.1.el9_4.1

httpd-core

2.4.57-11.0.1.el9_4.1

httpd-devel

2.4.57-11.0.1.el9_4.1

httpd-filesystem

2.4.57-11.0.1.el9_4.1

httpd-manual

2.4.57-11.0.1.el9_4.1

httpd-tools

2.4.57-11.0.1.el9_4.1

mod_ldap

2.4.57-11.0.1.el9_4.1

mod_lua

2.4.57-11.0.1.el9_4.1

mod_proxy_html

2.4.57-11.0.1.el9_4.1

mod_session

2.4.57-11.0.1.el9_4.1

mod_ssl

2.4.57-11.0.1.el9_4.1

Oracle Linux x86_64

httpd

2.4.57-11.0.1.el9_4.1

httpd-core

2.4.57-11.0.1.el9_4.1

httpd-devel

2.4.57-11.0.1.el9_4.1

httpd-filesystem

2.4.57-11.0.1.el9_4.1

httpd-manual

2.4.57-11.0.1.el9_4.1

httpd-tools

2.4.57-11.0.1.el9_4.1

mod_ldap

2.4.57-11.0.1.el9_4.1

mod_lua

2.4.57-11.0.1.el9_4.1

mod_proxy_html

2.4.57-11.0.1.el9_4.1

mod_session

2.4.57-11.0.1.el9_4.1

mod_ssl

2.4.57-11.0.1.el9_4.1

Связанные CVE

CVE-2024-38476

Ссылки на источники

Связанные уязвимости

CVE-2024-38476

CVSS3: 9.8

ubuntu

около 1 года назад

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.